
> But how do I know if the maker of the app is sending my SSH credentials to his server or something?

You have to ask the maker to open source his app and you have to check whether he built the app from the same sources (probably with some repeatable build scheme). It's not something I ever saw, so you'll have some things to research, but it's not something impossible.

> Does apple check that? Is the process how apple prevents this documented somewhere?

They probably do have some kind of firewall monitoring network requests of the app when they check it. But of course they don't read sources, they don't reverse-engineer the app. So their abilities are pretty limited. You shouldn't trust that any app from the AppStore is guaranteed not to be harmful.

iOS has a sandbox model which should limit app abilities to read data from other apps. But you shouldn't trust this sandbox model either. Every iOS version was jailbroken, which means that crackers can find vulnerabilities to elevate privileges.

Overall, the AppStore is safer than more liberal proprietary app sources. You are not likely to catch some wide-targeted malware there. But it's not a panacea.


